It's time to reset the 'Days without a Facebook data loss' sign after 500 million records left exposed on AWS

The details of millions of Facebook accounts have been left ripe for harvesting thanks to a pair of careless developers.

Professional Shodan jockey Chris Vickery of Upguard spotted a pair of exposed AWS S3 buckets that appear to belong to the coders behind Cultura Colectiva and At the Pool, a pair of third party apps for Facebook.

Vickery - Cultura - Colectiva - Database - Caches

Vickery noted that, of the two, the Cultura Colectiva database was by far the larger of the caches. That database held about 540 million records from Facebook users, mostly in Mexico and Latin America, who subscribed to the Spanish-language news and culture app.

The exposed Cultura Colectiva database included information such as user comments, likes, reactions, Facebook ID number, and account names of the people who had opted in to the Cultura Colectiva Facebook app. While not particularly sensitive, Vickery says that the data was important from a marketing standpoint, as it would allow publishers and marketers to see which stories and videos were generating the most traffic and comments.

Vickery - Attempts - Contact - Firm - January

Vickery says that despite multiple attempts at contact the firm dating back to January 10, Cultura Colectiva did not respond or act on the exposed data, which was only taken down after Upguard's report went live.